Hi Ben,
The IIS 6.0 Deployment Guide has a whole chapter dedicated to IIS 6
Security, including permissions, policies, best practices, and other
topics. You can download the guide here:
http://microsoft.com/downloads/details.aspx?FamilyId=F31A5FD5-03DB-46D2-9F34-596EDD039EB9&displaylang=en
Also, there will be a KB article outlining the minimum permissions needed
for IIS 6 publicly available in the near future.
Thanks,
Michael Laing
Microsoft Developer Support
Internet Information Server
***********************
>>Please do not send email directly to this alias. This is an online
account name for newsgroup participation only.<<
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.
© 2003 Microsoft Corporation. All rights reserved.
***********************
--------------------
| From: "Ben Millspaugh" <ben@refron.com>
| Sender: "Ben Millspaugh" <ben@refron.com>
| Subject: IIS 6.0 Default Security...
| Date: Wed, 30 Jul 2003 12:53:24 -0700
| Lines: 48
| Message-ID: <024401c356d4$3cb387c0$a501280a@phx.gbl>
| Newsgroups: microsoft.public.inetserver.iis.security
|
| I have used IIS for years and am in the process of moving
| my websites to IIS 6.0 (new servers, not upgrades). I
| would like to lock down the security, but I don't want to
| lock it down so much that the system can no longer process
| the files. I also see that Windows Server 2003 & IIS 6.0
| add new users and groups such as ASPNET and the IIS_WPG
| group which I want to make sure I include in the security
| setting for new websites. I have searched Microsoft's
| website for a very simple default list of what users and
| groups should be allowed and what permissions they should
| have, but I found nothing. I found lots of documents on
| how to set the permissions, but none on what to set them.
| Please tell me what I should be setting the permissions to
| when I create a new website. I can then add on additional
| settings as needed. For reference, here is a list of the
| default permissions that are assigned to the wwwroot
| folder:
|
| Administrators (Group - Administrator): Full
|
| IIS_WPG (Group - IWAM_ServerName, Local Service, Network
| Service & System): Read & Execute
|
| Interactive: List Folder Contents
|
| IUSR_ServerName: List Folder Contents
|
| Network: List Folder Contents
|
| Network Service: List Folder Contents
|
| OWS_123456789_admin (Group - Administrators Group): List
| Folder Contents
|
| OWS_987654321_admin (Group - Administrator): List Folder
| Contents
|
| System: Full
|
| Users (Group - ASPNET, Authenticated Users Group,
| Interactive): Read & Execute
|
| As you can see there are a lot of permissions and some of
| them are redundant. I need to create new root level
| folders for other websites and I want to make sure that I
| copy over exactly what I need.
|
| Thanks in advance, Ben
|
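
Added example (not part of either post, and not Microsoft's guidance): a small check of the "some of them are redundant" remark, run over the wwwroot list exactly as Ben wrote it. It assumes the group memberships are only those named in the post and that Read & Execute covers List Folder Contents on a folder; real groups may have other members, so confirm with the Deployment Guide before removing any entry.

```python
# Rights ranked by what they grant on a folder (Full > Read & Execute > List Folder Contents).
RANK = {"List Folder Contents": 1, "Read & Execute": 2, "Full": 3}

# ACL entries transcribed from the post: name -> (right, members named in the post).
ACL = {
    "Administrators": ("Full", ["Administrator"]),
    "IIS_WPG": ("Read & Execute",
                ["IWAM_ServerName", "Local Service", "Network Service", "System"]),
    "Interactive": ("List Folder Contents", []),
    "IUSR_ServerName": ("List Folder Contents", []),
    "Network": ("List Folder Contents", []),
    "Network Service": ("List Folder Contents", []),
    "OWS_123456789_admin": ("List Folder Contents", ["Administrators"]),
    "OWS_987654321_admin": ("List Folder Contents", ["Administrator"]),
    "System": ("Full", []),
    "Users": ("Read & Execute", ["ASPNET", "Authenticated Users", "Interactive"]),
}

def covered(entry, acl):
    """The entry itself plus every member listed for it, followed transitively."""
    seen, stack = set(), [entry]
    while stack:
        name = stack.pop()
        if name not in seen:
            seen.add(name)
            stack.extend(acl.get(name, (None, []))[1])
    return seen

def subjects(entry, acl):
    """Principals that rely on this entry: its listed members, else the entry itself."""
    return (covered(entry, acl) - {entry}) or {entry}

def redundant_entries(acl=ACL):
    """Entries whose subjects all keep an equal or stronger right from another entry.
    Entries are dropped one at a time, so two duplicates never cancel each other."""
    kept, dropped = dict(acl), []
    for entry, (right, _) in acl.items():
        others = [(e, r) for e, (r, _) in kept.items() if e != entry]
        if all(any(s in covered(e, acl) and RANK[r] >= RANK[right] for e, r in others)
               for s in subjects(entry, acl)):
            dropped.append(entry)
            del kept[entry]
    return dropped

if __name__ == "__main__":
    for name in redundant_entries():
        print("redundant given the listed memberships:", name)
```
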